Dear All, I would like to know if during the hello-holddown's 'hello
state' there is forwarding traffic, or it only happens after this timer
reaches the working state. (the name 'working' suggests there is no
forwarding (only ha) before it and it mea...
Dear All, On my fortigate I have a mgmt interface with ip 10.10.0.1/24
in vlan10, which is also the reserved HA management interface and here
in HA there is a gateway for this: 10.10.0.254. If I work from the ip
192.168.0.50 and administer the HA clu...
Dear All, Is there any way to use dnat without a vip? I have the
following situation:clients pc --- fortigate ---- other device ---
192.168.5.5 |_ 192.168.6.6I would like to achieve:a) - A client with ip
10.10.10.10 if want to go to dst:192.168.5.5 t...
Dear All, A would like to ask if you can see the following in a session
(redis in state, and no_ofld_reason: redir-to-av), is that means the
traffic is redirected to antivirus feature? state=redir local may_dirty
src-vis nlbmisc=0 policy_id=480 auth_...
Dear All, I would like to ask what is the relationship between the
local-in-policy and the dedicated management interface? For example if
my mgmt interface has allowaccess ssh, https for a trusted host, is a
"deny src_ip=all dst_ip=mgmt_ip (or just d...
Hello,"Then I have entered just 'set' and hit enter to see a list of all
commands but it did not show any command list."After typing 'set'
command, don't you should type a question mark to see available
possibilities (and not enter again)
I don't want to try it in a production environment.The routing table
doesn't include any info about the gateway included in the HA section.
Also I can not find it in any policy routing. I'm not sure when it is
used and why not shown in the routing ta...
There is no two host with the same ip address in this scenario. There is
a router/fw which forward the packets, and if the dst address is the
host with ipA for a packet then it forwards that packet to an other
destination. With other words the extern...
Thank you for answering me. However in my case the load balancing is
unnecessary. But you helped me a lot, because I finally i saw your link
a line, which is the solution:set arp-reply disable Thank you
Update: sorry, I found that the handshake was successful on the output
side (bad mistake other side was turned off pfff), however, the data
(packets with push flag on) seems to be filtered out yet. So the
question remains. I checked the full config I...